<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第163期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第163期）</strong></h5>
<blockquote> 2017/04/10-2017/04/16</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>一个“假”黄 APP 迁出的 7亿黑产<br><a target="_blank" href="https://www.easyaq.com/news/1175865002.shtml">https://www.easyaq.com/news/1175865002.shtml</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>2016网络安全威胁的回顾与展望《公开版》<br><a target="_blank" href="http://www.antiy.cn/report/2016_Antiy_Annual_Security_Report.html">http://www.antiy.cn/report/2016_Antiy_Annual_Security_Report.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>2016年政府信息公开工作年度报告<br><a target="_blank" href="http://www.gov.cn/zhuanti/2016zfgzbg/mobile.htm?from=timeline&amp;isappinstalled=0">http://www.gov.cn/zhuanti/2016zfgzbg/mobile.htm?from=timeline&amp;isappinstalled=0</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>owasp top 10 2017 中文版pdf<br><a target="_blank" href="http://sec.didichuxing.com/static/upload/attachment//article//20170414/1492212201311144335.pdf">http://sec.didichuxing.com/static/upload/attachment//article//20170414/1492212201311144335.pdf</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>方程式ETERNALBLUE 之fb.py的复现<br><a target="_blank" href="https://mp.weixin.qq.com/s/GEe9vWcRUIQpQPEe95fzOw?ptlang=2052&amp;ADUIN=1353059044&amp;ADSESSION=1492262423&amp;ADTAG=CLIENT.QQ.5473_.0&amp;ADPUBNO=26569">https://mp.weixin.qq.com/s/GEe9vWcRUIQpQPEe95fzOw?ptlang=2052&amp;ADUIN=1353059044&amp;ADSESSION=1492262423&amp;ADTAG=CLIENT.QQ.5473_.0&amp;ADPUBNO=26569</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>XSS挑战之旅---游戏通关攻略<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1462.html">https://xianzhi.aliyun.com/forum/read/1462.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>CVE-2016-10229：linux 内核远程代码执行漏洞<br><a target="_blank" href="http://bobao.360.cn/learning/detail/3728.html">http://bobao.360.cn/learning/detail/3728.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>漏洞应急响应之批量poc验证<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzAwMTUyMjQ5OA==&amp;mid=2650963926&amp;idx=1&amp;sn=be61347f75096a0c584ba2db7b0b2abf&amp;chksm=812eb1fbb65938ed4456938926323b541afae927c715a339b43758897d375ef4719b6b646e99&amp;mpshare=1&amp;scene=23&amp;srcid=0416vbg5YG7a7snrUVFrSWZh#rd">http://mp.weixin.qq.com/s?__biz=MzAwMTUyMjQ5OA==&amp;mid=2650963926&amp;idx=1&amp;sn=be61347f75096a0c584ba2db7b0b2abf&amp;chksm=812eb1fbb65938ed4456938926323b541afae927c715a339b43758897d375ef4719b6b646e99&amp;mpshare=1&amp;scene=23&amp;srcid=0416vbg5YG7a7snrUVFrSWZh#rd</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>ShadowBreaker方程式工具包浅析<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzU3ODAyMjg4OQ==&amp;mid=2247483709&amp;idx=1&amp;sn=8f19c38422834efafd73eb473ae5cab5&amp;chksm=fd7afdbbca0d74ad5fff9917c6e601225f779545c5320258a3bcd6cf5e29d2ee391ef1efc892&amp;mpshare=1&amp;scene=1&amp;srcid=0415zaLTXxMmJ3OpyaGLpQnv&amp;key=3936f58">https://mp.weixin.qq.com/s?__biz=MzU3ODAyMjg4OQ==&amp;mid=2247483709&amp;idx=1&amp;sn=8f19c38422834efafd73eb473ae5cab5&amp;chksm=fd7afdbbca0d74ad5fff9917c6e601225f779545c5320258a3bcd6cf5e29d2ee391ef1efc892&amp;mpshare=1&amp;scene=1&amp;srcid=0415zaLTXxMmJ3OpyaGLpQnv&amp;key=3936f58</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>CVE-2017-7269 样本调试笔记<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282525&amp;idx=1&amp;sn=fd6d49991327b740f498cc09aacbed38&amp;chksm=b1815a9786f6d3811a269eb01b4f46f963963f64f0186970320f5fff9f32b8fef9ba3f1530d7&amp;mpshare=1&amp;scene=23&amp;srcid=04152zNQKuRPGIxcFpc1lviX#rd">http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&amp;mid=2458282525&amp;idx=1&amp;sn=fd6d49991327b740f498cc09aacbed38&amp;chksm=b1815a9786f6d3811a269eb01b4f46f963963f64f0186970320f5fff9f32b8fef9ba3f1530d7&amp;mpshare=1&amp;scene=23&amp;srcid=04152zNQKuRPGIxcFpc1lviX#rd</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>针对 CVE-2017-0199 的无交互漏洞利用<br><a target="_blank" href="https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/">https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>关于Safe DOG的文件上传bypass – 科拉实验室<br><a target="_blank" href="http://blog.cora-lab.org/193.html">http://blog.cora-lab.org/193.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Chinese-Names-Corpus: 中文人名语料库<br><a target="_blank" href="https://github.com/wainshine/Chinese-Names-Corpus">https://github.com/wainshine/Chinese-Names-Corpus</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WEB渗透测试中回显的一些技巧<br><a target="_blank" href="http://mp.weixin.qq.com/s/2gSqaX8xXH8pSKz3aLouIw">http://mp.weixin.qq.com/s/2gSqaX8xXH8pSKz3aLouIw</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>NSA方程组又一波<br><a target="_blank" href="https://github.com/x0rz/EQGRP_Lost_in_Translation">https://github.com/x0rz/EQGRP_Lost_in_Translation</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>文件包含漏洞（绕过姿势）<br><a target="_blank" href="http://thief.one/2017/04/10/2/">http://thief.one/2017/04/10/2/</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>路由器漏洞挖掘<br><a target="_blank" href="https://www.blackhat.com/presentations/bh-usa-09/LINDNER/BHUSA09-Lindner-RouterExploit-SLIDES.pdf">https://www.blackhat.com/presentations/bh-usa-09/LINDNER/BHUSA09-Lindner-RouterExploit-SLIDES.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PHPCMS v9.6.0 任意文件上传漏洞分析<br><a target="_blank" href="http://paper.seebug.org/273/">http://paper.seebug.org/273/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>应急响应大合集：用于安全事件响应的工具与资源列表<br><a target="_blank" href="https://github.com/meirwah/awesome-incident-response/blob/master/README_ch.md">https://github.com/meirwah/awesome-incident-response/blob/master/README_ch.md</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>XSSight：自动化XSS漏洞扫描以及Payload注入<br><a target="_blank" href="https://github.com/UltimateHackers/XSSight">https://github.com/UltimateHackers/XSSight</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>web常见漏洞攻防讲解－文件上传<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&amp;mid=2649846451&amp;idx=1&amp;sn=adcf6497bd22896eb75dd9c841391bf3&amp;chksm=f3e41c30c49395266ec28eaaf647460e3162a3ffad608f6fa7fd69b1f53db0aa05068df70c32&amp;mpshare=1&amp;scene=1&amp;srcid=0414ccVA3Pst3dN8DLe58sz4&amp;key=f2db881">https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&amp;mid=2649846451&amp;idx=1&amp;sn=adcf6497bd22896eb75dd9c841391bf3&amp;chksm=f3e41c30c49395266ec28eaaf647460e3162a3ffad608f6fa7fd69b1f53db0aa05068df70c32&amp;mpshare=1&amp;scene=1&amp;srcid=0414ccVA3Pst3dN8DLe58sz4&amp;key=f2db881</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>phpcms_v9.6.0_sql注入与exp<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI0MzQyNzI2OA==&amp;mid=2247484286&amp;idx=1&amp;sn=9ff65a80e7e7231e5c9a0c7bc12cf913&amp;chksm=e96c71d5de1bf8c33aa8b83238e6a5da967a19d03e5e6ef54bfce9782b564fbabd24d1891efa&amp;mpshare=1&amp;scene=1&amp;srcid=0410Dmv30VrzIqq76nVnKaCH&amp;key=23818ac">https://mp.weixin.qq.com/s?__biz=MzI0MzQyNzI2OA==&amp;mid=2247484286&amp;idx=1&amp;sn=9ff65a80e7e7231e5c9a0c7bc12cf913&amp;chksm=e96c71d5de1bf8c33aa8b83238e6a5da967a19d03e5e6ef54bfce9782b564fbabd24d1891efa&amp;mpshare=1&amp;scene=1&amp;srcid=0410Dmv30VrzIqq76nVnKaCH&amp;key=23818ac</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>针对CVE-2015-2545漏洞研究分析<br><a target="_blank" href="http://www.4hou.com/technology/4218.html">http://www.4hou.com/technology/4218.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>IDAPython：一个可以解放双手的 IDA 插件<br><a target="_blank" href="http://bobao.360.cn/learning/detail/3730.html">http://bobao.360.cn/learning/detail/3730.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>owasp移动安全测试指南<br><a target="_blank" href="https://b-mueller.gitbooks.io/owasp-mobile-security-testing-guide/content/">https://b-mueller.gitbooks.io/owasp-mobile-security-testing-guide/content/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>jumpserver: 开源跳板机(堡垒机):认证,授权,审计,自动化运维<br><a target="_blank" href="https://github.com/jumpserver/jumpserver">https://github.com/jumpserver/jumpserver</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>一个半自动化命令注入漏洞Fuzz工具<br><a target="_blank" href="http://www.polaris-lab.com/index.php/archives/243/">http://www.polaris-lab.com/index.php/archives/243/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>ip2region: 准确率99.9%的IP地址定位库<br><a target="_blank" href="https://github.com/lionsoul2014/ip2region">https://github.com/lionsoul2014/ip2region</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>hitbsecconf2017ams<br><a target="_blank" href="http://conference.hitb.org/hitbsecconf2017ams/materials/">http://conference.hitb.org/hitbsecconf2017ams/materials/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>【技术分享】手把手教你栈溢出从入门到放弃（上）<br><a target="_blank" href="http://bobao.360.cn/learning/detail/3717.html">http://bobao.360.cn/learning/detail/3717.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>色情资源引发的百度网盘之战<br><a target="_blank" href="http://thief.one/2017/04/12/2/">http://thief.one/2017/04/12/2/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>说说Powersploit在内网渗透中的使用<br><a target="_blank" href="http://www.freebuf.com/sectool/131275.html">http://www.freebuf.com/sectool/131275.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>LimeSDR Getting Started Quickly | LimeSDR上手指南<br><a target="_blank" href="https://cn0xroot.com/2017/04/12/limesdr-getting-started-quickly/">https://cn0xroot.com/2017/04/12/limesdr-getting-started-quickly/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Go SCP - Go 语言安全编码指南<br><a target="_blank" href="https://github.com/Checkmarx/Go-SCP">https://github.com/Checkmarx/Go-SCP</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>OWASP Top 10 - 2017 RC1-English<br><a target="_blank" href="https://github.com/OWASP/Top10/blob/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf">https://github.com/OWASP/Top10/blob/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>安全开发基线检查 checklist<br><a target="_blank" href="https://github.com/FallibleInc/security-guide-for-developers/blob/master/security-checklist-zh.md">https://github.com/FallibleInc/security-guide-for-developers/blob/master/security-checklist-zh.md</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>CVE-2017-0199——首个Microsoft Office RTF漏洞<br><a target="_blank" href="http://www.4hou.com/technology/4260.html">http://www.4hou.com/technology/4260.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>找到CDN背后的真实IP<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&amp;mid=2651071300&amp;idx=4&amp;sn=84b87138cbf12072fbe15c7be7feeb8e&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&amp;mid=2651071300&amp;idx=4&amp;sn=84b87138cbf12072fbe15c7be7feeb8e&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Python安全运维实战：针对几种特定隐藏方式的Webshell查杀<br><a target="_blank" href="http://www.freebuf.com/articles/web/131350.html">http://www.freebuf.com/articles/web/131350.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>WPForce：适用于后渗透的WordPress安全检测工具<br><a target="_blank" href="http://www.mottoin.com/100381.html">http://www.mottoin.com/100381.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>metasploit之移植S2-045漏洞代码模块实战提权<br><a target="_blank" href="http://www.4hou.com/technology/4181.html">http://www.4hou.com/technology/4181.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>学点算法搞安全之HMM(下篇)<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483874&amp;idx=1&amp;sn=e0b75d10e627c8e2977b86a1522adf07&amp;chksm=976e7793a019fe853aa0fa62f135edcc79851eb35ba2d5d5354c599feab89afe7f046450f085&amp;scene=0&amp;key=872c5fcf4c0d7e9f5967038497f4c9b807da184e4a56e246">https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483874&amp;idx=1&amp;sn=e0b75d10e627c8e2977b86a1522adf07&amp;chksm=976e7793a019fe853aa0fa62f135edcc79851eb35ba2d5d5354c599feab89afe7f046450f085&amp;scene=0&amp;key=872c5fcf4c0d7e9f5967038497f4c9b807da184e4a56e246</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SSRF in PHP<br><a target="_blank" href="http://joychou.org/index.php/web/phpssrf.html">http://joychou.org/index.php/web/phpssrf.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>在windows 10的子系统linux上安装Metasploit <br><a target="_blank" href="https://gist.github.com/dafthack/8aa4ff60cd9352448a372ce1a7b2e27e">https://gist.github.com/dafthack/8aa4ff60cd9352448a372ce1a7b2e27e</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android 8.0 新特性及开发指南<br><a target="_blank" href="http://www.4hou.com/technology/4270.html">http://www.4hou.com/technology/4270.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Analysis of a CVE-2017-0199 Malicious RTF Document <br><a target="_blank" href="https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/">https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>CVE-2017-7233分析 — Django is_safe_url() URL跳转过滤函数Bypass<br><a target="_blank" href="http://www.mottoin.com/100545.html">http://www.mottoin.com/100545.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>phpcms漏洞<br><a target="_blank" href="http://thief.one/2017/04/12/1/">http://thief.one/2017/04/12/1/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Android代码混淆技术总结（一）<br><a target="_blank" href="http://www.droidsec.cn/android代码混淆技术总结（一）/">http://www.droidsec.cn/android代码混淆技术总结（一）/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>A Magento breach analysis (part 1)<br><a target="_blank" href="https://gwillem.gitlab.io/2017/04/12/magento-breach-analysis/">https://gwillem.gitlab.io/2017/04/12/magento-breach-analysis/</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Arduino+Avr libc制作Badusb原理及示例讲解<br><a target="_blank" href="http://www.freebuf.com/articles/system/131363.html">http://www.freebuf.com/articles/system/131363.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>实战栈溢出：三个漏洞搞定一台路由器<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/26271959">https://zhuanlan.zhihu.com/p/26271959</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>针对提权小神器Sherlock的分析与利用<br><a target="_blank" href="http://www.freebuf.com/sectool/131393.html">http://www.freebuf.com/sectool/131393.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>如何安全擦除磁盘数据<br><a target="_blank" href="http://www.zdnet.com/article/how-to-securely-erase-hard-drives-hdds-and-solid-state-drives-ssds/">http://www.zdnet.com/article/how-to-securely-erase-hard-drives-hdds-and-solid-state-drives-ssds/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Hacking Docker：Registry API 未授权访问<br><a target="_blank" href="http://www.polaris-lab.com/index.php/archives/253/">http://www.polaris-lab.com/index.php/archives/253/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>企业开发运维工具链中的攻与防<br><a target="_blank" href="https://insomnihack.ch/wp-content/uploads/2017/04/CG-KJ-devoops-2017_22Mar-insomnia.pdf">https://insomnihack.ch/wp-content/uploads/2017/04/CG-KJ-devoops-2017_22Mar-insomnia.pdf</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>pyinotify：Linux文件系统监控工具<br><a target="_blank" href="https://github.com/seb-m/pyinotify">https://github.com/seb-m/pyinotify</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>CVE-2017-2416 GIF表情引发的远程代码执行 <br><a target="_blank" href="https://blog.flanker017.me/cve-2017-2416-gif-rce-chn/">https://blog.flanker017.me/cve-2017-2416-gif-rce-chn/</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>非常规网络安全报告 —— 黑客报告2017 !<br><a target="_blank" href="http://zhuanlan.51cto.com/art/201704/536554.htm">http://zhuanlan.51cto.com/art/201704/536554.htm</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Anatomy of a Hack: SQLi via Crypto<br><a target="_blank" href="https://www.notsosecure.com/anatomy-hack-sqli-via-crypto/">https://www.notsosecure.com/anatomy-hack-sqli-via-crypto/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SSRF in Java<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1476.html">https://xianzhi.aliyun.com/forum/read/1476.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Stuxnet drivers: detailed analysis<br><a target="_blank" href="http://artemonsecurity.blogspot.jp/2017/04/stuxnet-drivers-detailed-analysis.html">http://artemonsecurity.blogspot.jp/2017/04/stuxnet-drivers-detailed-analysis.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>PENQUIN’S MOONLIT MAZE The Dawn of Nation-State Digital Espionage<br><a target="_blank" href="https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_PDF_eng.pdf">https://securelist.com/files/2017/04/Penquins_Moonlit_Maze_PDF_eng.pdf</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>安全加固原型：PaX for Android( Pixel XL测试版)<br><a target="_blank" href="http://www.solidot.org/story?sid=52053">http://www.solidot.org/story?sid=52053</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>fuzz payload<br><a target="_blank" href="https://github.com/foospidy/payloads/">https://github.com/foospidy/payloads/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>如何利用sdclt.exe绕过UAC？<br><a target="_blank" href="http://www.4hou.com/technology/4221.html">http://www.4hou.com/technology/4221.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>深度分析CVE-2017-0007是如何绕过防护措施的<br><a target="_blank" href="http://www.4hou.com/technology/4098.html">http://www.4hou.com/technology/4098.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>OSX/iOS逆向资源合集<br><a target="_blank" href="https://github.com/michalmalik/osx-re-101">https://github.com/michalmalik/osx-re-101</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>二进制漏洞利用的youtube频道<br><a target="_blank" href="https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w">https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w</a></div><div class="single"><span id="tags">[论文]&nbsp;&nbsp;</span>Influential Security Papers 四大会议有影响力的论文统计<br><a target="_blank" href="http://www.sec.cs.tu-bs.de/~konrieck/topnotch/">http://www.sec.cs.tu-bs.de/~konrieck/topnotch/</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Protecting customers and evaluating risk – MSRC<br><a target="_blank" href="https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/?from=timeline&amp;isappinstalled=0">https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/?from=timeline&amp;isappinstalled=0</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>高级安卓逆向（Vantage Point 2016）<br><a target="_blank" href="https://regmedia.co.uk/2016/09/02/hacking_soft_tokens_-_bernhard_mueller.pdf">https://regmedia.co.uk/2016/09/02/hacking_soft_tokens_-_bernhard_mueller.pdf</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>利用IPv6绕过IDS检测<br><a target="_blank" href="https://ccdcoe.org/sites/default/files/multimedia/pdf/ip6eva_0.pdf">https://ccdcoe.org/sites/default/files/multimedia/pdf/ip6eva_0.pdf</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>和我一步步部署 kubernetes 集群<br><a target="_blank" href="https://github.com/opsnull/follow-me-install-kubernetes-cluster">https://github.com/opsnull/follow-me-install-kubernetes-cluster</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Hunt domain names using DNSDumpster, WHOIS, Reverse WHOIS, (TODO: Shodan)<br><a target="_blank" href="https://github.com/nethunteros/punter">https://github.com/nethunteros/punter</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>GithubLeakAlert: find credential associated with an host<br><a target="_blank" href="https://github.com/misterch0c/GithubLeakAlert">https://github.com/misterch0c/GithubLeakAlert</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Implementation of our S&amp;P16 paper: A Tough Call: Mitigating Advanced Code-Reuse <br><a target="_blank" href="https://github.com/vusec/typearmor">https://github.com/vusec/typearmor</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>警惕Ubuntu APT源污染<br><a target="_blank" href="http://mp.weixin.qq.com/s/6aQlXRRgZJSLUVBisBGHvQ">http://mp.weixin.qq.com/s/6aQlXRRgZJSLUVBisBGHvQ</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Python编码之殇续集（速八之夜）<br><a target="_blank" href="http://thief.one/2017/04/14/1/">http://thief.one/2017/04/14/1/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Django框架下的安全开发：胖哈勃（Pwnhub）诞生记<br><a target="_blank" href="http://mp.weixin.qq.com/s/1tlUpqdQFHm63gMDmzk6sg">http://mp.weixin.qq.com/s/1tlUpqdQFHm63gMDmzk6sg</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Public Android Vulnerability Information (CVE PoCs etc)<br><a target="_blank" href="https://github.com/derrekr/android_security">https://github.com/derrekr/android_security</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>EFF&#039;s New Wordlists for Random Passphrases <br><a target="_blank" href="https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases">https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>icsmaster: 整合工控安全相关资源（ICS/SCADA Security Resource）<br><a target="_blank" href="https://github.com/w3h/icsmaster">https://github.com/w3h/icsmaster</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler<br><a target="_blank" href="https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html">https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>自动化监控 Twitter 关键词<br><a target="_blank" href="https://yihui.name/cn/2017/04/watch-twitter/">https://yihui.name/cn/2017/04/watch-twitter/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>NoSQLi Lab<br><a target="_blank" href="https://digi.ninja/projects/nosqli_lab.php">https://digi.ninja/projects/nosqli_lab.php</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>大数据安全标准化白皮书<br><a target="_blank" href="http://www.tc260.org.cn/ueditor/jsp/upload/20170409/86891491718759052.pdf">http://www.tc260.org.cn/ueditor/jsp/upload/20170409/86891491718759052.pdf</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>外挂分析技术入门<br><a target="_blank" href="http://gslab.qq.com/jc/">http://gslab.qq.com/jc/</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)<br><a target="_blank" href="https://googleprojectzero.blogspot.jp/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html">https://googleprojectzero.blogspot.jp/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WordPress Plugin Security Testing Cheat Sheet  插件代码审计列表<br><a target="_blank" href="https://github.com/CaledoniaProject/wordpress_plugin_security_testing_cheat_sheet">https://github.com/CaledoniaProject/wordpress_plugin_security_testing_cheat_sheet</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>2016 年 MacOS 上的恶意软件总结分析<br><a target="_blank" href="http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Patrick%20Wardle%20-%20Meet%20and%20Greet%20with%20the%20MacOS%20Malware%20Class%20of%202016.pdf">http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Patrick%20Wardle%20-%20Meet%20and%20Greet%20with%20the%20MacOS%20Malware%20Class%20of%202016.pdf</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>SecWiki周刊（第162期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/162">https://www.sec-wiki.com/weekly/162</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Analyse SQL injection attempts in web server logs<br><a target="_blank" href="https://github.com/z00nx/reversemap">https://github.com/z00nx/reversemap</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>[CVE-2017-3881]思科Catalyst 交换机RCE漏洞分析<br><a target="_blank" href="http://www.mottoin.com/100358.html">http://www.mottoin.com/100358.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>VPN SECURITY - PART 6  Building and Testing Your Own VPN<br><a target="_blank" href="http://resources.infosecinstitute.com/building-virtual-private-network-infrastructure-testing/">http://resources.infosecinstitute.com/building-virtual-private-network-infrastructure-testing/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>通过移动传感器窃取PIN：实际风险与用户感知<br><a target="_blank" href="https://arxiv.org/pdf/1605.05549v1.pdf">https://arxiv.org/pdf/1605.05549v1.pdf</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>浏览器信息收集: 利用 PowerShell 无文件读取 Chrome Cookie<br><a target="_blank" href="http://www.mottoin.com/100495.html">http://www.mottoin.com/100495.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>深度学习在自然语言处理中的应用<br><a target="_blank" href="http://geek.csdn.net/news/detail/190707">http://geek.csdn.net/news/detail/190707</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>Getting started with 3G <br><a target="_blank" href="https://cn0xroot.com/2017/04/11/getting-started-with-3g-ip-access-nano3gopenbscosmocom-bb-part-1/">https://cn0xroot.com/2017/04/11/getting-started-with-3g-ip-access-nano3gopenbscosmocom-bb-part-1/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>ETW的入侵检测（part1）<br><a target="_blank" href="https://blogs.technet.microsoft.com/office365security/hidden-treasure-intrusion-detection-with-etw-part-1/">https://blogs.technet.microsoft.com/office365security/hidden-treasure-intrusion-detection-with-etw-part-1/</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/163">SecWiki周刊(第163期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
